handle strong SHA-2 signatures in X.509 certificates
authorAndreas Steffen <andreas.steffen@strongswan.org>
Wed, 21 Feb 2007 13:08:45 +0000 (13:08 -0000)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Wed, 21 Feb 2007 13:08:45 +0000 (13:08 -0000)
src/pluto/oid.txt
src/pluto/pkcs1.c

index eed46d5..e875002 100644 (file)
           0x03               "csor"
             0x04             "nistalgorithm"
               0x02           "hashalgs"
-                0x01         "id-SHA-256"
-                0x02         "id-SHA-384"
-                0x03         "id-SHA-512"
+                0x01         "id-SHA-256"              OID_SHA256
+                0x02         "id-SHA-384"              OID_SHA384
+                0x03         "id-SHA-512"              OID_SHA512
         0x86                 ""
           0xf8               ""
             0x42             "netscape"
index 4139389..ade5fdd 100644 (file)
@@ -21,6 +21,7 @@
 #include <string.h>
 
 #include <freeswan.h>
+#include <libsha2/sha2.h>
 
 #include "constants.h"
 #include "defs.h"
@@ -290,29 +291,31 @@ compute_digest(chunk_t tbs, int alg, chunk_t *digest)
 {
     switch (alg)
     {
-       case OID_MD2:
-       case OID_MD2_WITH_RSA:
+    case OID_MD2:
+    case OID_MD2_WITH_RSA:
        {
            MD2_CTX context;
+
            MD2Init(&context);
            MD2Update(&context, tbs.ptr, tbs.len);
            MD2Final(digest->ptr, &context);
            digest->len = MD2_DIGEST_SIZE;
            return TRUE;
        }
-       case OID_MD5:
-       case OID_MD5_WITH_RSA:
+     case OID_MD5:
+     case OID_MD5_WITH_RSA:
        {
            MD5_CTX context;
+
            MD5Init(&context);
            MD5Update(&context, tbs.ptr, tbs.len);
            MD5Final(digest->ptr, &context);
            digest->len = MD5_DIGEST_SIZE;
            return TRUE;
        }
-       case OID_SHA1:
-       case OID_SHA1_WITH_RSA:
-       case OID_SHA1_WITH_RSA_OIW:
+     case OID_SHA1:
+     case OID_SHA1_WITH_RSA:
+     case OID_SHA1_WITH_RSA_OIW:
        {
            SHA1_CTX context;
 
@@ -322,9 +325,45 @@ compute_digest(chunk_t tbs, int alg, chunk_t *digest)
            digest->len = SHA1_DIGEST_SIZE;
            return TRUE;
        }
-       default:
-           digest->len = 0;
-           return FALSE;
+     case OID_SHA256:
+     case OID_SHA256_WITH_RSA:
+       {
+           sha256_context context;
+
+           sha256_init(&context);
+           sha256_write(&context, tbs.ptr, tbs.len);
+           sha256_final(&context);
+           memcpy(digest->ptr, context.sha_out, SHA2_256_DIGEST_SIZE);
+           digest->len = SHA2_256_DIGEST_SIZE;
+           return TRUE;
+       }
+     case OID_SHA384:
+     case OID_SHA384_WITH_RSA:
+       {
+           sha512_context context;
+
+           sha384_init(&context);
+           sha512_write(&context, tbs.ptr, tbs.len);
+           sha512_final(&context);
+           memcpy(digest->ptr, context.sha_out, SHA2_384_DIGEST_SIZE);
+           digest->len = SHA2_384_DIGEST_SIZE;
+           return TRUE;
+       }
+     case OID_SHA512:
+     case OID_SHA512_WITH_RSA:
+       {
+           sha512_context context;
+
+           sha512_init(&context);
+           sha512_write(&context, tbs.ptr, tbs.len);
+           sha512_final(&context);
+           memcpy(digest->ptr, context.sha_out, SHA2_512_DIGEST_SIZE);
+           digest->len = SHA2_512_DIGEST_SIZE;
+           return TRUE;
+       }
+     default:
+       digest->len = 0;
+       return FALSE;
     }
 }